Skip to main content

Configuring CxSAST for using a non-default Port

By default, CxSAST uses port 80 for communications. You can change the port, for example to port 8080.

To change the CxSAST communication port, you need to first change the web server listening port, and then perform additional configuration on CxSAST as illustrated in the sections below.

Changing the Web Server Listening Port

Change the web server listening port according to one of the following procedures, depending on which web server CxSAST is using:

Additional CxSAST Configuration

Now that that the web server listening port is configured, perform the following CxSAST configuration:

  1. Open the following file for editing:

    C:\Program Files\Checkmarx\CheckmarxWebPortal\Web\web.config

  2. Find the key CxWSResolver.CxWSResolver, and change the line to:

    <add key="CxWSResolver.CxWSResolver" value="http://localhost:<port>/CxWebInterface/CxWSResolver.asmx" />

    where <port> is the new port number. For example:

    <add key="CxWebServices.CxWSResolver" value="http://localhost:8080/CxWebInterface/CxWSResolver.asmx" />

  3. Open the following file for editing:

    C:\Program Files\Checkmarx\Checkmarx Engine Server\CxSourceAnalyzerEngine.WinService.exe.config

  4. Open the following file for editing: "<Checkmarx Installation Folder>\Checkmarx Engine Server\CxSourceAnalyzerEngine.WinService.exe.config".

  5. Find the phrase "http://" and change the line to: <add baseAddress="http://localhost:<port>/CxSourceAnalyzerEngineWCF/CxEngineWebServices.svc"/> where <port> is the new port number. For example: <add baseAddress="http://localhost:8080/CxSourceAnalyzerEngineWCF/CxEngineWebServices.svc"/>"

  6. Run the following command in elevated CMD with correct parameters:

    netsh http add urlacl url=http://+:80/CxSourceAnalyzerEngineWCF/CxEngineWebServices.svc user="NT AUTHORITY\NETWORK SERVICE"

    Notice

    The number 80 in - ".....=http://+:80/Cx...."

    The domain\user in - "....vc user="NT AUTHORITY\NETWORK SERVICE" if the user running the Cx Engine service is not the default "Network Service"

  7. In order for CxARM, plugins and the CLI tool to work with the new port, you need to run the following DB query::

    UPDATE [CxDB].[dbo].[CxComponentConfiguration]

    SET Value = 'http(s)://your_cx_portal_hostname:port'

    WHERE [Key] = 'IdentityAuthority'

  8. In the Windows Service Manager, restart the following services:

    CxScanEngine CxScanManager

  9. In a distributed deployment:

    1. Log into the CxSAST web interface, using the new port number in the browser address bar. For example:

      http://localhost:8080/CxWebClient/login.aspx

    2. Go to Management > Server Settings > Installation Information, and under Engine Servers, edit the server address to include the new port number.

  10. If you use CxAudit:

    1. On the CxSAST server, open the following file for editing:

      C:\Program Files\Checkmarx\Checkmarx Audit\CxAudit.exe.config

    2. Find the SERVER_ADDRESS key, and edit its value to include the new port number. For example:

      <add key="SERVER_ADDRESS" value="http://localhost:8080" />

    3. If CxAudit was already run, repeat the previous step on the following file:

      C:\Users\USERNAME\AppData\Local\Checkmarx\CxAudit\CxAudit.exe.config